node package manager
It’s your turn. Help us improve JavaScript. Take the 2017 JavaScript Ecosystem Survey »



Passport strategy for authenticating with MercadoLibre using the OAuth 2.0 API.

Learn more about MercadoLibre OAuth schema here.


$ npm install passport-mercadolibre


The Mercadolibre authentication strategy authenticates users using a Mercadolibre account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

You can obtain the client ID and secret by creating a MercadoLibre app here.

var MercadoLibreStrategy = require('passport-mercadolibre').Strategy;
passport.use(new MercadoLibreStrategy({
    clientID: 'YOUR_CLIENT_ID',
    clientSecret: 'YOUR_CLIENT_SECRET',
    callbackURL: '',
  function (accessToken, refreshToken, profile, done) {
    // + store/retrieve user from database, together with access token and refresh token 
    return done(null, profile); 
passport.serializeUser(function (user, done) {
  done(null, user);
passport.deserializeUser(function (user, done) {
  done(null, user);


Use passport.authorize(), specifying the 'mercadolibre' strategy, to authenticate requests.

For example, as route middleware in an Express application:

  passport.authorize('mercadolibre', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home. 
app.get('/', ensureAuthenticated, 
  function(req, res) {
    res.send("Logged in user: " + req.user.nickname);
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { 
    return next(); 

The properties available in the user object are:

  • provider --> mercadolibre
  • nickname
  • first_name
  • last_name
  • email
  • accessToken

But you can get more information (a lot more!) accessing the raw user profile as provided by MercadoLibre:

  • _raw --> raw server response
  • _json --> JSON object with server response

Note: Please notice that the module internally sets up the HTTPS module for using SSL v3 as shown below:

https.globalAgent.options.secureProtocol = 'SSLv3_method';


The MIT License


Thanks to for the README and file structure.